03-15-2012 12:39 AM
I ask you this because what I do for turning it on or off is right-click on MY PC and check the checkbox that says DEACTIVATE SYSTEM RESTORE. Am I doing it right?
It doesn't matter if I do the clean issue with OTL at another moment, independently of the system restore issue?
03-15-2012 12:50 AM
I know how to turn off System Restore, you are correct.
I have never known System Restore to place anything to do with OTL in a restore point as it's not the system (Windows). Just don't click any file inside the _OTL folder if you have not done the black "CleanUp" button yet.
03-15-2012 12:52 AM
Alright, thank you a lot. I doubted because you said it could take 20 minutes or so, but when I click on the checkbox of system restore it takes 5 seconds once I press YES.
03-15-2012 01:18 AM
Don't forget the "CleanUp" button; then OTL will delete itself and its folders (_OTL) with the removed files inside. Or I should say it should.
Other than that, good luck.
03-15-2012 01:35 AM
Yes, I did that: clicked the CLEANUP button, restarted the computer with SYSTEM RESTORE OFF. Then I restarted again with SYSTEM RESTORE ON.
I ran a scan over the WINDOWS folder, the system32 folder and finally an active scan and it didn't find any risks.
The only thing that really surprised me is that when doing the active scan I can see that it scans the file NTOS (which I could not see). That file is the one that had the virus, but it doesn't say anything. Anything to worry about?
03-15-2012 01:43 AM
1. It could be looking for the file NTOS in a quick scan and it didn't appear or get detected, so that is OK.
2. It could be the file ntoskrnl.exe, which is needed by Windows, but with zeroaccess gone (and others) the legit file is no longer acted on, so is not detected as possibly earlier, so is not detected either. That's OK.
03-24-2012 08:54 PM - edited 03-24-2012 08:56 PM
Seems that someone has been using the computer badly because I got three zeroaccess (and other problems) with new names, all located in the system32 folder.
Do I have to run combofix or something like that, or is it better that I post some logs from otl or fss?
Once I get rid of this I am considering putting Windows Firewall at 100%.
PS: Other problems feature the Google redirect stuff.
04-22-2012 01:35 PM
I have this virus too and need help removing it from my system. I am only able to operate my computer in safe mode. Every time I try to boot in normal mode, the computer crashes and goes back to safe mode. The Windows restore option is not working, and I am getting a message saying that there has not been a restore point set on my computer. I have Norton security. Should I reinstall Windows altogether (I have the original discs)? Or should I try the removal solutions suggested here to see if the virus will be cleared? Please walk me through the steps because I am not a comp expert.